PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-06 04:31:30 +00:00
Code Issues Projects Releases Wiki Activity

First big commit to move UNION query tests to detection phase - there are some improvements and tuning to do yet though.

Browse Source 
Major refactoring to Agent.payload() method.
Minor bug fixes, some code refactoring and a lot of core adjustments here and there.
Added more checks for injection in GROUP BY and ORDER BY.
This commit is contained in:
Bernardo Damele
2011-01-11 22:18:47 +00:00
parent 06230e4d92
commit 300128042c
10 changed files with 254 additions and 200 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
lib/request/inject.py
View File

@@ -397,7 +397,7 @@ def getValue(expression, blind=True, inband=True, error=True, time=True, fromUse
if conf.direct:
value = direct(expression)
elif kb.unionTest or any(map(isTechniqueAvailable, getPublicTypeMembers(PAYLOAD.TECHNIQUE, onlyValues=True))):
elif any(map(isTechniqueAvailable, getPublicTypeMembers(PAYLOAD.TECHNIQUE, onlyValues=True))):
query = cleanQuery(expression)
query = expandAsteriskForColumns(query)
value = None
@@ -414,7 +414,7 @@ def getValue(expression, blind=True, inband=True, error=True, time=True, fromUse
else:
forgeCaseExpression = agent.forgeCaseStatement(expression)
if inband and kb.unionTest is not None:
if inband and isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION):
kb.technique = PAYLOAD.TECHNIQUE.UNION
if expected == EXPECTED.BOOL: